The MAC hullabaloo

08Jun10

Kim Cameron has had lots of interesting things to say over the past few days about the security and privacy implications of harvesting MAC addresses in the wake of Google being somewhat caught out with their activities in this area.

Today though he has a piece where I think he’s crossed over the Chicken Little line. In the normal run of things I’d just leave a comment on his blog, but I can’t sign in – even after creating a personal information card on my new Windows 7 machine and dirtying myself with IE so that I could use the card selector. No wonder information card is dying out there.

I wholeheartedly agree that there are issues to be resolved around devices such as WiFi routers and access points in people’s homes – MACs that they can’t change. But saying that people must stick with the MACs on their devices like laptops (and therefore can’t opt out of services that use MACs as keys) is simply not true. Many of my friends routinely use fake or random MACs (particularly when on the road and accessing WiFi networks that they can’t fully trust). Doing this is pretty much trivial for Linux and OS-X users, and for Windows there’s MacMakeup.

Of course we can’t all be DE:AD:BE:EF:CA:FE all at once, but the collision space is large.